First reported on Friday, May 24th, 2019, First American Financial Corp., the largest real estate title insurer in the U.S., left 885 million personal and financial records unprotected. As reported by Brian Krebs, security researcher, these online documents contained consumer Social Security numbers, wire transaction receipts, bank account numbers, driver’s license images, and mortgage and tax records, and were accessible by anyone who knew the document web site URL.
First American Financial has disabled the website so the records, which dated as far back as 2003, are no longer publicly available. However, the documents had been left unprotected for more than two years.
It is unclear if this enormous collection of real estate documents was discovered by malicious actors. According to Krebs, even a novice hacker would be able to harvest mass amounts of these files through what’s known as a “low-and-slow” attack, providing cyberthieves with a golden ticket to commit fraud or sell the sensitive personal data in those documents for profit on the Dark Web.
Resources for Data Breach Victims
If compromised, the types of information involved in this data leak are comparable to that of the massive Equifax data breach, which put 143 million Americans at risk. Be vigilant about monitoring your financial accounts for suspicious activity, and freeze your credit with the three credit bureaus.
- ID Theft Protection Newsletter
- Data Breach News Summary (Table)
- 9 Tips for 2019 Data Breach Victims (Infographic)
- 7 Tips for Protecting Your Identity (Printable PDF)